Phishing with Windows Calculator

The are increasingly trying to stop viruses and malware, even if you don't have the best protection software installed.

So malware developers have to be very creative to infect systems. Attacks using Windows 7's Calculator application have therefore recently been observed.


"ProxyLife" discovered that some malware and phishing attacks are using Windows 7's Calculator app to break into modern Windows PCs, Bleeping Computer reports.

The attack starts by tricking someone into downloading an ISO disc image disguised as a PDF or something else, which contains a which opens a malicious copy of the Calculator application.

Why are they using an outdated version of the Calculator app to hack systems?

Well, Windows 7 Calculator uses the Dynamic Link Libraries (DLLs) in the same folder, if they exist, instead of using the libraries located in the Windows system folder.

Opening the Calculator app doesn't trigger any Windows alerts, probably because it's signed by Microsoft, but it can still load the infected “WindowsCodecs.dll” library that comes with the malicious Calculator.

Newer versions of the Calculator app included with Windows are not vulnerable. That's why they use an older version.
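
A defensive check for the pattern described above, as an added example that is not part of the original article: it walks a folder tree and reports every folder where an executable sits next to a DLL named like a system library. The DLL name set, the trusted paths and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# DLL names that normally live only in the Windows system folder.
# WindowsCodecs.dll is the one named in the article; on a real host this set
# would be built from a listing of the system folder (assumption).
SYSTEM_DLL_NAMES = {"windowscodecs.dll"}

# Folders where such DLLs are expected (assumed default install paths).
TRUSTED_DIRS = ("c:/windows/system32", "c:/windows/syswow64", "c:/windows/winsxs")


def find_sideload_candidates(root, system_dlls=SYSTEM_DLL_NAMES, trusted=TRUSTED_DIRS):
    """Return (folder, exe names, dll names) for each folder under root where
    an .exe sits beside a DLL whose name matches a system DLL."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        normalized = Path(dirpath).as_posix().lower()
        if any(normalized.startswith(t) for t in trusted):
            continue  # the system folder itself is where these DLLs belong
        exes = sorted(f for f in files if f.lower().endswith(".exe"))
        dlls = sorted(f for f in files if f.lower() in system_dlls)
        if exes and dlls:
            findings.append((dirpath, exes, dlls))
    return findings


def build_sample_tree(root):
    """Constructed sample: empty placeholder files, no real binaries."""
    layout = {
        "mounted_iso": ["calc.exe", "WindowsCodecs.dll"],  # pattern from the article
        "tools": ["notepad.exe", "helper.dll"],            # unrelated DLL name
        "docs": ["report.pdf"],                            # no executable at all
    }
    for folder, names in layout.items():
        target = Path(root) / folder
        target.mkdir(parents=True)
        for name in names:
            (target / name).touch()


def demo():
    """Scan the constructed tree and return findings with short folder names."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return [(Path(d).name, exes, dlls)
                for d, exes, dlls in find_sideload_candidates(tmp)]


if __name__ == "__main__":
    for folder, exes, dlls in demo():
        print(f"{folder}: {exes} next to {dlls}")
```

A hit is a reason to look closer, not proof of compromise: the check only compares file names and locations and does not inspect signatures or file contents.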


The files used in the phishing attack are “calc.exe” from Windows 7 and two ProxyLife DLL files.

It's not yet clear if Microsoft has updated Defender to recognize this type of attack, but if you're not downloading files from strange websites (or email attachments from people you don't know), you probably don't need to worry.

Update:

On our Facebook page we saw comments questioning the above, using Microsoft's non-support of Windows 7 as justification. You should read the whole text before judging it.

So above we mention:

“Why are they using an outdated version of the Calculator app to hack systems?

Well, Windows 7 Calculator uses the Dynamic Link Libraries (DLLs) in the same folder, if they exist, instead of using the libraries located in the Windows system folder.”

Attackers use an older application to attack new systems:

“Opening the Calculator app doesn't trigger any Windows alerts, probably because it's signed by Microsoft, but it can still load the infected “WindowsCodecs.dll” library that comes with the malicious Calculator.

Newer versions of the Calculator app included with Windows are not vulnerable. That's why they're using an older version.”


Written by giorgos
